A new wave of viruses is targeting cryptocurrency wallets.
The McAfee team has discovered a new strain of mobile malware that targets the 12-word mnemonic keys used to recover cryptocurrency wallets. The malware is actively spread through fake applications disguised as banking, government and utility programs. Once on the device, it collects personal data, including text messages, contacts, and images, which are sent to the attackers' remote servers.
Since January 2024, more than 280 fake apps have started attacking users in Korea. Not only do these programs steal data, but they also hide their activity behind blank screens or redirects.
The malware is spread through phishing messages and social media, where users are instructed to follow links to fake sites that look like the real thing. After landing on such a site, the user is prompted to download an APK file, which is actually a malicious application. During installation, the app asks for permissions to access SMS messages, contacts, and other data that is used to compromise the device.
Once installed, the malware starts stealing information and sending it to the cybercriminals' servers. It can receive commands to control the device, including changing sound settings and sending SMS messages. The attackers were found to be using vulnerable C&C servers with weak security settings, allowing researchers to access their contents.
One of the key aspects of the attack is obtaining mnemonic phrases to access cryptocurrency wallets. The attackers' servers process images taken from the device using optical character recognition (OCR), which extracts text from photos and simplifies further use of the data.
In recent months, the malware has become even more sophisticated. It has moved from simple HTTP requests to WebSocket connections, making it harder to detect and more efficient in real time. Malicious activity now covers not only Korea but also the UK, indicating that the attacks are expanding geographically.
An important finding was the use of fake apps such as death notifications, which play on people's emotions and significantly increase the likelihood that victims will mistake a fake message for the truth. The attackers may also consider targeting iOS users, which poses an additional threat to owners of devices on this platform.
This threat highlights the need for increased caution when installing applications and granting permissions. Regular antivirus software updates and caution when using dubious links can help protect against such attacks.
Source
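The permission pattern described above (SMS, contacts and images requested together by an app that claims to be a notice or utility program) can be checked during APK triage. The following is an added example, not code from the post or from McAfee's report; it assumes the manifest has already been decoded to text XML, the sample manifests and package names are constructed, and the rule of flagging only when all three groups are present is an assumption.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Permission groups for the data the article says is taken: SMS, contacts, images.
GROUPS = {
    "sms": {P + "READ_SMS", P + "RECEIVE_SMS", P + "SEND_SMS"},
    "contacts": {P + "READ_CONTACTS"},
    "images": {P + "READ_EXTERNAL_STORAGE", P + "READ_MEDIA_IMAGES"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def triage(manifest_xml):
    """Flag a manifest that requests at least one permission from every group."""
    perms = requested_permissions(manifest_xml)
    hits = {g: sorted(perms & wanted) for g, wanted in GROUPS.items() if perms & wanted}
    return {"groups": hits, "flag": len(hits) == len(GROUPS)}

# Constructed sample manifests (not taken from any real app).
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="%s">'
SUSPICIOUS = (HEAD % "com.example.noticeviewer") + """
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_MEDIA_IMAGES"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""
BENIGN = (HEAD % "com.example.flashlight") + """
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, triage(xml))
```

A flag here is a reason to look closer, not a verdict: legitimate messaging and backup apps request the same groups, so weigh the result against what the app claims to do.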